is it a malware ?
win32tr/-/newmedia
hku s-1-5-18/software/1do-bfc9-00aa005b4383
hkus-1-5-2-365139939/-/tions:nobrowseroption
hku:default/software/-/xplorer/toolbar:locked
hku:s-1-5-18/software/-/xplorer/toolbar:locked
false positive ?
Started by
jeanbal
, Jan 22 2009 08:33 PM
7 replies to this topic
#2
LS CalamityJane
-
- Members
-
- 8814 posts
Former Lavasoft Staff
Posted 23 January 2009 - 02:01 AM
Hi jeanbal,
If you could post the logs from the scan that would sure help. Here is a guide on how to do that.
http://www.lavasofts...showtopic=18033
That will give our Research Team the info needed to investigate further for you.
If you could post the logs from the scan that would sure help. Here is a guide on how to do that.
http://www.lavasofts...showtopic=18033
That will give our Research Team the info needed to investigate further for you.
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give a personal support via PM The way to request help is to post a NEW TOPIC in the appropriate forum.
Look for the *New Topic* Button near the top right when viewing the forums.
Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center
Microsoft MVP/Windows - Security 2003-2009
Look for the *New Topic* Button near the top right when viewing the forums.
Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center
Microsoft MVP/Windows - Security 2003-2009
#3
jeanbal
-
- Members
-
- 30 posts
Advanced Member
Posted 23 January 2009 - 03:29 PM
Hi jeanbal,
If you could post the logs from the scan that would sure help. Here is a guide on how to do that.
http://www.lavasofts...showtopic=18033
That will give our Research Team the info needed to investigate further for you.
here is the log
Attached Files
-
Scan_2009_01_22_18_18_25.log 9.43K
5 downloads
#4
LS Andy
-
- Root Admin
-
- 1445 posts
Lavasoft Staff/Forum Overlord
Posted 24 January 2009 - 08:20 AM
Hi jeanbal,
Thanks for posting the log file. We will investigate further - if this is a false positive, it will be removed from the detection database.
Regards,
Andy
Lavasoft Research
Thanks for posting the log file. We will investigate further - if this is a false positive, it will be removed from the detection database.
Regards,
Andy
Lavasoft Research
#5
RDR
-
- Members
-
- 1 posts
Newbie
Posted 25 January 2009 - 04:57 PM
I ran Ad-Aware 2008 regularly. Today I downloaded and ran for the first time the Ad-Aware Anniversary Edition. It found Win32Tr\.\NewMedia (as did the initial poster). (I think it was a "." and not a "-", but I could be wrong). I allowed the program to delete it and am running a full scan of the hard drive with Ad-Aware (so far it's clean). However I have Norton 360 and keep it up to date so I would be surprised if there were a real threat on this hard drive. Anyway, I felt I should report it here. And I don't know if I can send you the file as an attachment because I am already rerunning Ad-Aware; if it is possible I will attempt to do so.
I wish to thank all of you at Ad-Aware / Lavasoft for all of the work you do to supply millions of us with a free tool for identifying and removing cookies and malware. That is increasingly rare in our society and world. I just wish to express my appreciation.
I wish to thank all of you at Ad-Aware / Lavasoft for all of the work you do to supply millions of us with a free tool for identifying and removing cookies and malware. That is increasingly rare in our society and world. I just wish to express my appreciation.
#6
LS Andy
-
- Root Admin
-
- 1445 posts
Lavasoft Staff/Forum Overlord
Posted 26 January 2009 - 07:24 AM
@RDR - thanks for your report and kind words. We really appreciate it!
@jeanbal - one of the registry keys in your report is known to be hijacked by Win32.TrojanDownloader.NewMedia, however, there were no actual Win32.TrojanDownloader.NewMedia files on your PC. The detection used to flag the registry keys in our database was too 'aggressive', which I have fixed. This fix will be available as of the next definition file update 0146.0001. Thanks for providing so much information!
Regards,
Andy
Lavasoft Research
@jeanbal - one of the registry keys in your report is known to be hijacked by Win32.TrojanDownloader.NewMedia, however, there were no actual Win32.TrojanDownloader.NewMedia files on your PC. The detection used to flag the registry keys in our database was too 'aggressive', which I have fixed. This fix will be available as of the next definition file update 0146.0001. Thanks for providing so much information!
Regards,
Andy
Lavasoft Research
#7
PeteL
-
- Members
-
- 1 posts
Newbie
Posted 01 February 2009 - 03:38 PM
@RDR - thanks for your report and kind words. We really appreciate it!
@jeanbal - one of the registry keys in your report is known to be hijacked by Win32.TrojanDownloader.NewMedia, however, there were no actual Win32.TrojanDownloader.NewMedia files on your PC. The detection used to flag the registry keys in our database was too 'aggressive', which I have fixed. This fix will be available as of the next definition file update 0146.0001. Thanks for providing so much information!
Regards,
Andy
Lavasoft Research
OK, I hit the same false positive and followed the recomenation to quarantine. What's to be done now. Should it be restored or just left alone?
#8
LS CalamityJane
-
- Members
-
- 8814 posts
Former Lavasoft Staff
Posted 14 February 2009 - 05:09 AM
I believe this one was resolved in a subsequent update. Moving this topic to the *Resolved* section (read only).
If you are still having a problem, please post a new topic so we can take a fresh look at it.
For posting about False positives, please use this Guide
http://www.lavasofts...showtopic=18033
If you are still having a problem, please post a new topic so we can take a fresh look at it.
For posting about False positives, please use this Guide
http://www.lavasofts...showtopic=18033
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give a personal support via PM The way to request help is to post a NEW TOPIC in the appropriate forum.
Look for the *New Topic* Button near the top right when viewing the forums.
Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center
Microsoft MVP/Windows - Security 2003-2009
Look for the *New Topic* Button near the top right when viewing the forums.
Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center
Microsoft MVP/Windows - Security 2003-2009
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
